Azure SSO IDP setup throwing "The request is not a valid Saml2 protocol message." error

%3CLINGO-SUB%20id%3D%22lingo-sub-77341%22%20slang%3D%22en-US%22%3EAzure%20SSO%20IDP%20setup%20throwing%20%22The%20request%20is%20not%20a%20valid%20Saml2%20protocol%20message.%22%20error%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-77341%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20trying%20to%20setup%20an%20Azure%20SSO%20with%20Visier%20and%20they%20only%20accept%20IDP%20Initiated%20setup.%20So%20we%20went%20ahead%20and%20followed%20instructions%20but%20we%20keep%20running%20into%20%22We%20received%20a%20bad%20request%22%20error..%20We%20are%20not%20sure%20how%20to%20trace%20and%20troubleshoot%20this%20issue%20to%20figure%20out%20where%20the%20issue%20is..is%20it%20on%20the%20Service%20provider%20side%20setup%20or%20its%20is%20on%20our%20Azure%20side.%26nbsp%3B%20Let%20me%20know%20what%20information%20you%20will%20need%20to%20help%20us%20with%20this%20but%20we%20are%20stuck%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-77341%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-77806%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20SSO%20IDP%20setup%20throwing%20%22The%20request%20is%20not%20a%20valid%20Saml2%20protocol%20message.%22%20erro%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-77806%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20Amit%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt%20would%20be%20helpful%20to%20see%20your%20SAML%20assertion.%20But%20in%20order%20to%20troubleshoot%20HTTPS%20authentication%2C%20I%20would%20recommend%20Telerik%20Fiddler%20with%20HTTPS%20decryption%20enabled.%20The%20trace%20will%20log%20show%20the%20data%20flow%20all%20the%20way%20through.%20It%20seems%20to%20me%20there%20may%20be%20something%20strange%20with%20the%20assertion.%20Hope%20this%20helps.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-77379%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20SSO%20IDP%20setup%20throwing%20%22The%20request%20is%20not%20a%20valid%20Saml2%20protocol%20message.%22%20erro%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-77379%22%20slang%3D%22en-US%22%3E%3CP%3EAny%20tools%20you%20guys%20recommend%20we%20can%20use%20to%20trace%2Ftroubleshoot%20on%20IDP%20initiated%20Integration%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

We are trying to setup an Azure SSO with Visier and they only accept IDP Initiated setup. So we went ahead and followed instructions but we keep running into "We received a bad request" error.. We are not sure how to trace and troubleshoot this issue to figure out where the issue is..is it on the Service provider side setup or its is on our Azure side.  Let me know what information you will need to help us with this but we are stuck

2 Replies
Highlighted

Any tools you guys recommend we can use to trace/troubleshoot on IDP initiated Integration ?

Highlighted

Hello Amit,

 

It would be helpful to see your SAML assertion. But in order to troubleshoot HTTPS authentication, I would recommend Telerik Fiddler with HTTPS decryption enabled. The trace will log show the data flow all the way through. It seems to me there may be something strange with the assertion. Hope this helps.